From 8a8b24a4baf924ca3cda830e67db66f8ef7f074a Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Jan 08 2010 15:37:13 +0000 Subject: Lircd patch from Dan Walsh. --- diff --git a/policy/modules/services/lircd.fc b/policy/modules/services/lircd.fc index cc43e40..49e04e5 100644 --- a/policy/modules/services/lircd.fc +++ b/policy/modules/services/lircd.fc @@ -5,4 +5,6 @@ /usr/sbin/lircd -- gen_context(system_u:object_r:lircd_exec_t,s0) +/var/run/lirc(/.*)? gen_context(system_u:object_r:lircd_var_run_t,s0) +/var/run/lircd(/.*)? gen_context(system_u:object_r:lircd_var_run_t,s0) /var/run/lircd\.pid gen_context(system_u:object_r:lircd_var_run_t,s0) diff --git a/policy/modules/services/lircd.if b/policy/modules/services/lircd.if index 2cd228a..d394f17 100644 --- a/policy/modules/services/lircd.if +++ b/policy/modules/services/lircd.if @@ -32,12 +32,11 @@ interface(`lircd_domtrans',` # interface(`lircd_stream_connect',` gen_require(` - type lircd_sock_t, lircd_t; + type lircd_var_run_t, lircd_t; ') - allow $1 lircd_t:unix_stream_socket connectto; - allow $1 lircd_sock_t:sock_file write_sock_file_perms; files_search_pids($1) + stream_connect_pattern($1, lircd_var_run_t, lircd_var_run_t, lircd_t) ') ####################################### @@ -60,7 +59,7 @@ interface(`lircd_read_config',` ######################################## ## -## All of the rules required to administrate +## All of the rules required to administrate ## a lircd environment ## ## @@ -77,7 +76,7 @@ interface(`lircd_read_config',` # interface(`lircd_admin',` gen_require(` - type lircd_t, lircd_var_run_t, lircd_sock_t; + type lircd_t, lircd_var_run_t; type lircd_initrc_exec_t, lircd_etc_t; ') @@ -94,6 +93,4 @@ interface(`lircd_admin',` files_search_pids($1) admin_pattern($1, lircd_var_run_t) - - admin_pattern($1, lircd_sock_t) ') diff --git a/policy/modules/services/lircd.te b/policy/modules/services/lircd.te index db3079e..0c469d1 100644 --- a/policy/modules/services/lircd.te 
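Review bot: In `lircd_stream_connect`, `files_search_pids($1)` only covers the path to a socket under /var/run. The lircd.te part of this commit still creates a socket in the device directory with `dev_filetrans(lircd_t, lircd_var_run_t, sock_file)`. If that location is still supported, a caller that cannot already search the device directory will be denied before it reaches the `stream_connect_pattern` rules. The interface should either grant that search itself or say that callers need it separately. The interface's header comment starts outside the hunk and should gain a line such as `## The socket may live under /var/run/lirc, /var/run/lircd or the device directory.`.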
+++ b/policy/modules/services/lircd.te @@ -1,5 +1,5 @@ -policy_module(lircd, 1.0.0) +policy_module(lircd, 1.0.1) ######################################## # @@ -16,13 +16,9 @@ init_script_file(lircd_initrc_exec_t) type lircd_etc_t; files_type(lircd_etc_t) -type lircd_var_run_t; +type lircd_var_run_t alias lircd_sock_t; files_pid_file(lircd_var_run_t) -# type for lircd /dev/ sock file -type lircd_sock_t; -files_type(lircd_sock_t) - ######################################## # # lircd local policy @@ -34,14 +30,24 @@ allow lircd_t self:unix_dgram_socket create_socket_perms; # etc file read_files_pattern(lircd_t, lircd_etc_t, lircd_etc_t) -# pid file manage_dirs_pattern(lircd_t, lircd_var_run_t, lircd_var_run_t) manage_files_pattern(lircd_t, lircd_var_run_t, lircd_var_run_t) +manage_sock_files_pattern(lircd_t, lircd_var_run_t, lircd_var_run_t) files_pid_filetrans(lircd_t, lircd_var_run_t, { dir file }) - # /dev/lircd socket -manage_sock_files_pattern(lircd_t, lircd_sock_t, lircd_sock_t) -dev_filetrans(lircd_t, lircd_sock_t, sock_file ) +dev_filetrans(lircd_t, lircd_var_run_t, sock_file) + +dev_read_generic_usb_dev(lircd_t) +dev_filetrans_lirc(lircd_t) +dev_rw_lirc(lircd_t) +dev_rw_input_dev(lircd_t) + +files_read_etc_files(lircd_t) +files_list_var(lircd_t) +files_manage_generic_locks(lircd_t) +files_read_all_locks(lircd_t) + +term_use_ptmx(lircd_t) logging_send_syslog_msg(lircd_t)
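Review bot: The comment that explained `lircd_sock_t` is deleted in the `@@ -16,13 +16,9 @@` hunk and nothing replaces it, so the reason for `type lircd_var_run_t alias lircd_sock_t;` is not recorded. Folding the socket type into the pid-file type also means every rule written against `lircd_var_run_t`, such as `admin_pattern($1, lircd_var_run_t)` in `lircd_admin`, now reaches the daemon's socket files. That looks intended, but it is a widening a reader should be able to see. I would add above the declaration: `# lircd_sock_t is kept as an alias for compatibility; socket files now share the pid file type.`.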
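Review bot: The block of grants added at the end of the `@@ -34,14 +30,24 @@` hunk widens `lircd_t` considerably without any comment saying which driver or code path needs each one. `files_manage_generic_locks(lircd_t)` and `files_read_all_locks(lircd_t)` let the daemon manage generically labelled lock files and read every lock file on the system. If lircd only needs its own locks, a private type (declared with `files_lock_file`, with a `files_lock_filetrans` for `lircd_t`) would confine that. `dev_rw_input_dev(lircd_t)` gives read and write on input devices, and `term_use_ptmx(lircd_t)` and `dev_read_generic_usb_dev(lircd_t)` are likewise unexplained. Each should carry a one-line why-comment, for example `# needed to read events from and write events to input devices`, or be dropped if no denial justifies it. The `# /dev/lircd socket` comment is kept above `dev_filetrans(lircd_t, lircd_var_run_t, sock_file)` while `# pid file` was removed, so the run-directory rules above it are now unlabelled.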